ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?

Conference: BlackHat USA 2018



The presentation discusses the implementation of Zero Trust Network (ZTN) and its potential benefits in cybersecurity. The speaker evaluates the current state of device authentication and patch management and proposes hardware-rooted capabilities to raise the bar in device trust. The speaker also explains the three components of ZTN: mandatory user identity management, device trust and inventory, and access control engine. The presentation concludes with an anecdote about using adversary emulation to evaluate the security value of ZTN.
  • Current device authentication and patch management are rudimentary and insufficient in ensuring device trust
  • Hardware-rooted capabilities such as secure boot, TPM, and Intel's TXT and Skinit can improve device trust
  • ZTN has three components: mandatory user identity management, device trust and inventory, and access control engine
  • Adversary emulation can be used to evaluate the security value of ZTN
The speaker used adversary emulation to evaluate the security value of ZTN. By emulating the tactics of a common adversary, the speaker was able to identify potential weaknesses in the system and improve its security measures.


Over the last year, the "zero trust" network (ZTN) security architecture concept has generated interest both for its abstract security properties, and the marketing hoopla proclaiming it the "next big thing." The value proposition of "zero trust" networking is that it can more effectively prevent common security issues that lead to breaches while simultaneously enabling BYOD and removing the need for VPNs and legacy security concepts. ZTN architectures claim to enable both enhanced security and user freedom by removing implied trust from the network perimeter and replacing it with measured trust at the user and device layers. The success of this scheme relies heavily on the ability to measure user and device security properties as a viable means to establish trust.

In this talk, we will analyze the "zero trust" approach in several threat scenarios to determine its true effectiveness. This will include an examination of the platform and device security properties that can be measured to establish trust across modern OSs such as Windows, Chrome OS, iOS, and Android. This will incorporate a detailed technical dive into the capabilities and limitations of device trust measurement frameworks such as Google's SafetyNet/Verified Access, Microsoft's System Guard Runtime, and common EDR/AV products. ZTN-based methods for combining device and identity-based to provide access and authorization will also be examined.

Finally, public ZTN implementations will be compared to a wide range of threats from common REDTEAM tradecraft all the way through hardware and firmware attacks. Attendees will walk away from the talk with a technically sound view on the potential and pitfalls of ZTN-based networks, which will help to cut through the marketing hype.


